Threat Outbreak Alert RuleID27450: Email Messages Distributing Malicious Software on January 26, 2017


Medium

Alert ID: 52432

First Published: 2017 January 26 15:19 GMT

Version: 1

## Summary

Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID27450) may contain the following files:

**Name** | **Size in Bytes** | **MD5 Checksum**
---|---|---
IMG-0650257.ACE / IMG-0650257.scr | 487,424 | 0x956D7150F28F392A46B13DD5977DC838

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: **Purchase Order: IMG-0650257**
>
> Message Body:
>
> Dear Sir/Madam,
>
> Please find attached an electronically generated Purchase Order and Supplier Code of Conduct. Please do not reply to this email as it is automatically generated.
>
> All Purchase Orders must be fulfilled at the price and quantity shown on the Purchase Order. Acceptance of this Purchase Order constitutes acceptance to all Term and Conditions herein.
>
> Should you have any issues with supply of the Purchase Order or require further assistance, please contact the requester (as noted on the purchase order) and advise.
>
> DHL reserves the right to cancel this purchase order if full supply cannot be completed within the agreed leadtime.
>
> Please ensure the Purchase Order number is clearly referenced on your invoice as failure to do so, could impede payment.
>
> Regards,
> DHL
>
> Note: Please do not reply to this email. This mailbox does not allow incoming messages.
>
> \******************************************************************
>
> This email and any files and data transmitted with it are confidential to the intended recipient(s) only and may not be disclosed to, used by, relied on or copied in any way by anyone other than the intended recipient(s). If you are not the intended recipient(s) of this email please notify the sender immediately by email and then delete the whole of this email, including any files and data transmitted with it.
>
> DHL International, its subsidiaries, affiliates, employees and directors do not accept any responsibility for viruses or any loss or damage arising from the use of this email or any files and data transmitted with it.
>
> \********************************************************************

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

## Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial release to report significant activity detected by Cisco Security on January 26, 2017. | — | 2017-January-26

* * *

## Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products